Security: authzed/spicedb
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
-
Caveat structures with nested lists can result in improper cache reuseGHSA-mqcf-gqvg-rmhm published
May 15, 2026 by tstirrat15Low -
SPICEDB_DATASTORE_CONN_URI is leaked on startup logsGHSA-jf4f-rr2c-9m58 published
Apr 14, 2026 by miparnisariModerate -
LookupResources Cursor section tampering can crash SpiceDB process via tuple.MustParse panicGHSA-vhvq-fv9f-wh4q published
Feb 6, 2026 by tstirrat15Low -
LookupResources with Multiple Entrypoints across Different Definitions Can Return Incomplete ResultsGHSA-9m7r-g8hg-x3vr published
Nov 20, 2025 by tstirrat15Low -
WriteRelationships fails silently if payload is too bigGHSA-pm3x-jrhh-qcr7 published
Nov 10, 2025 by miparnisariLow -
Checks involving relations with caveats can result in no permission when permission is expectedGHSA-cwwm-hr97-qfxm published
Jun 5, 2025 by miparnisariLow -
Calls to LookupResources using LookupResources2 with caveats may return context is missing when it is notGHSA-3c32-4hq9-6wgj published
Oct 14, 2024 by vroldanbetLow -
Multiple caveats on resources of the same type can result in no permission when permission is expectedGHSA-jhg6-6qrx-38mr published
Sep 18, 2024 by josephschorrLow -
Exclusions under arrows with multiple resources can result in no permission returned when permission expectedGHSA-grjv-gjgr-66g2 published
Jun 20, 2024 by josephschorrLow -
LookupSubjects may return partial results if a specific kind of relation is usedGHSA-j85q-46hg-36p2 published
Apr 10, 2024 by ecordellLow